This isn't exactly a Samba question, but I heard Luke Leighton say
something at LISA NT that I'd like to know a little more about.
In reference to gina.dll and user authentication, Luke said that NT
makes a call to something along the lines of "LogonUserEx()", which
isn't documented (although "LogonUser()" is). What I'd like
to know
is: how did he know? Is there some tool that allows one to "sniff"
system calls? (Even better, might it possible to puzzle out what's
going on in the kernel while it's processing a system call, perhaps by
seeing other system calls cascading off the original?)
John.
